JBoss is able to redirect from non-secured port to secured port based on the web.xml security constraint. Is it possible to do the reverse? ex. Redirect from secured port to non-secured port. I tested the following and it doesn't work.
e.x.
web.xml
======================================
<security-constraint>
<web-resource-collection>
<web-resource-name>Non-Secured Contents</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>POST</http-method>
<http-method>GET</http-method>
</web-resource-collection>
<user-data-constraint>
NO SSL required.
<transport-guarantee>NONE</transport-guarantee><!-- NONE|CONFIDENTIAL|INTEGRAL -->
</user-data-constraint>
</security-constraint>
======================================
parcel jboss.jcml:
======================================
80
http
443
2
<Connector
className="org.apache.catalina.connector.http.HttpConnector"
port="443" minProcessors="5" maxProcessor="75" acceptCount="10"
enableLookups="true" scheme="https" secure="true" redirectPort="80">
<Factory className="org.jboss.web.catalina.security.SSLServerSocketFactory"
securityDomainName="java:/jaas/tomcat" clientAuth="false" protocol="TLS" />
<Connector className="org.apache.catalina.connector.http.HttpConnector"
port="8080" minProcessors="5" maxProcessors="75"
enableLookups="true" redirectPort="8443"
acceptCount="10" debug="0" connectionTimeout="60000"/>
<Connector
className="org.apache.catalina.connector.http.HttpConnector"
port="8443" minProcessors="5" maxProcessor="75" acceptCount="10"
enableLookups="true" scheme="https" secure="true" redirectPort="8080">
<Factory className="org.jboss.web.catalina.security.SSLServerSocketFactory"
securityDomainName="java:/jaas/tomcat" clientAuth="false" protocol="TLS" />
======================================
I tested this, but it doesn't work.